UNITED STATES PATENT AND TRADEMARK OFFICE
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`Page 1
`
` _________________________
` )
` PALO ALTO NETWORKS, )
` INC., and BLUE COAT )
` SYSTEM, INC., )
` )
` Petitioners, )
` )
` vs. ) Case IPR2016-00159
` ) Patent No. 8,677,494
` FINJAN, INC. )
` )
` Patent Owner. )
` )
` _________________________)
`
` DEPOSITION OF DR. NENAD MEDVIDOVIC
` Santa Monica, California
` Thursday, November 3, 2016
` Volume I
`
` Veritext Legal Solutions
` Mid-Atlantic Region
` 1250 Eye Street NW - Suite 350
` Washington, D.C. 20005
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`2
`
`3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`
`22
`23
`24
`25
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`Page 1
`
` _________________________
` )
` PALO ALTO NETWORKS, )
` INC., and BLUE COAT )
` SYSTEM, INC., )
` )
` Petitioners, )
` )
` vs. ) Case IPR2016-00159
` ) Patent No. 8,677,494
` FINJAN, INC. )
` )
` Patent Owner. )
` )
` _________________________)
`
` DEPOSITION OF DR. NENAD MEDVIDOVIC
` Santa Monica, California
` Thursday, November 3, 2016
` Volume I
`
` Veritext Legal Solutions
` Mid-Atlantic Region
` 1250 Eye Street NW - Suite 350
` Washington, D.C. 20005
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`2
`
`3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`
`22
`23
`24
`25
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`2
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
` UNITED STATES PATENT AND TRADEMARK OFFICE
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`Page 2
`
` _________________________
` )
` PALO ALTO NETWORKS, )
` INC., and BLUE COAT )
` SYSTEM, INC., )
` )
` Petitioners, )
` )
` vs. ) Case IPR2016-00159
` ) Patent No. 8,677,494
` FINJAN, INC. )
` )
` Patent Owner. )
` _________________________)
`
` Deposition of DR. NENAD MEDVIDOVIC, Volume I,
` taken on behalf of Petitioner, at 1333 2nd Street,
` 4th Floor, Santa Monica, California, beginning at
` 9:40 a.m., and ending at 12:30 p.m., on Thursday,
` November 3, 2016, before LORI M. BARKLEY, Certified
` Shorthand Reporter No. 6426.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`Page 3
`
` A P P E A R A N C E S :
`
` F o r P e t i t i o n e r :
`
` C O O L E Y L L P
`
` B Y : O R I O N A R M O N
`
` A t t o r n e y a t L a w
`
` 3 8 0 I n t e r l o c k e n C r e s c e n t , S u i t e 9 0 0
`
` B r o o m f i e l d , C O 8 0 0 2 1 - 8 0 2 3
`
` 7 2 0 . 5 6 6 . 4 1 1 9
`
` o a r m o n @ c o o l e y . c o m
`
` F o r P a t e n t O w n e r a n d D e p o n e n t :
`
` K R A M E R L E V I N N A F T A L I S & F R A N K E L L L P
`
` B Y : J A M E S H A N N A H
`
` A t t o r n e y a t L a w
`
` 9 9 0 M a r s h R o a d
`
` M e n l o P a r k , C a l i f o r n i a 9 4 0 2 5
`
` 6 5 0 . 7 5 2 . 1 7 1 2
`
` j h a n n a h @ k r a m e r l e v i n . c o m
`
` W I L S O N S O N S I N I G O O D R I C H & R O S A T I
`
` N e i l D e s a i , E s q . ( T e l e p h o n i c a l l y )
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2 3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`1 0
`
`1 1
`
`1 2
`
`1 3
`
`1 4
`
`1 5
`
`1 6
`
`1 7
`
`1 8
`
`1 9
`
`2 0
`
`2 1
`
`2 2
`
`2 3
`
`2 4
`
`2 5
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
` INDEX
`
` WITNESS EXAMINATION
`
`Page 4
`
` DR. NENAD MEDVIDOVIC
`
` Volume I
`
` BY MR. ARMON 6
`
` EXHIBITS
`
` NUMBER DESCRIPTION PAGE
`
` Exhibit 1 Declaration of Nenad Medvidovic 7
`
` Exhibit 2 U.S. Patent No. 8,677,494 7
`
` Exhibit 3 U.S. Patent No. 6,092,194 26
`
` Exhibit 4 Swimmer Article 33
`
` Exhibit 5 Martin Article 62
`
` Exhibit 6 Exhibit 2025 Referenced in 68
`
` Paragraph 161 of Nenad
`
` Medvidovic's Declaration
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2
`
`3
`
`4
`
`5 6
`
`7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`Page 5
`
` INDEX (Continued):
`
` EXHIBITS
`
` NUMBER DESCRIPTION PAGE
`
` Exhibit 7 Exhibit 2027 Referenced in 77
`
` Paragraph 162 of Nenad
`
` Medvidovic's Declaration
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
` Santa Monica, California, Thursday, November 3, 2016
`
` 9:44 A.M.
`
`Page 6
`
` DR. NENAD MEDVIDOVIC,
`
` having been administered an oath, was examined and
`
` testified as follows:
`
` MR. ARMON: This is Orion Armon, lead counsel
`
` for Petitioner Palo Alto Networks.
`
` Counsel, please state appearances.
`
` MR. DESAI: This is Neil Desai, Counsel for
`
` Petitioner, Blue Coat Systems, Inc.
`
` MR. HANNAH: James Hannah from Kramer Levin
`
` representing Finjan, and the witness.
`
` MR. ARMON: This is a deposition in Case Number
`
` IPR 2016-00159 concerning U.S. Patent Number 8,677,494.
`
` EXAMINATION
`
` BY MR. ARMON:
`
` Q. Please state your full name for the record.
`
` A. Name is Nenad Medvidovic, spelled N-E-N-A-D,
`
` M-E-D-V-I-D-O-V-I-C.
`
` Q. Thank you.
`
` Is there any reason why you can't provide
`
` complete and accurate testimony today, Dr. Medvidovic?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2
`
`3 4
`
`5
`
`6
`
`7 8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` A. No reason.
`
` Q. You've submitted a declaration in this case,
`
`Page 7
`
` correct, sir?
`
` A. That is correct.
`
` MR. ARMON: Exhibit 1, please.
`
` (Exhibit 1 was marked for identification by the
`
` court reporter and is attached hereto.)
`
` BY MR. ARMON:
`
` Q. Exhibit marked as 1 is the declaration you've
`
` submitted in this case, correct?
`
` A. That is correct.
`
` Q. And that's your signature on page 97 of the
`
` document, correct?
`
` A. That is correct.
`
` Q. You can set that aside for now. I passed it to
`
` you so that you have it at your disposal.
`
` MR. ARMON: Exhibit 2, please.
`
` (Exhibit 2 was marked for identification by the
`
` court reporter and is attached hereto.)
`
` BY MR. ARMON:
`
` Q. Exhibit 2 is U.S. Patent 8,677,494, subject of
`
` this proceeding.
`
` I take it that you are familiar with the patent,
`
` correct, sir?
`
` A. That is correct.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` Q. First question concerns disclosure in column 2.
`
` Please turn to page 17, specifically, the summary of the
`
`Page 8
`
` invention.
`
` Now, the summary of the invention, sir,
`
` describes that (as read):
`
` The present invention provides
`
` protection systems and methods capable
`
` of protecting a personal computer from
`
` harmful, undesirable, suspicious or
`
` other "malicious operations" that might
`
` otherwise be effectuated by remotely
`
` operable code.
`
` Do you see that?
`
` A. I do.
`
` Q. So you'd agree that as characterized in the
`
` summary of the invention, that suspicious or "malicious
`
` operations" are synonymous, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: This sentence in particular seems
`
` to suggest that harmful, undesirable, suspicious and
`
` possibly other kinds of operations would be or could be
`
` placed under the term "malicious."
`
` BY MR. ARMON:
`
` Q. And that's why malicious is in quotation marks,
`
` correct?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 9
`
` MR. HANNAH: Object to the form.
`
` THE WITNESS: My guess, it's very difficult to
`
` know what specifically the author of the patent wanted
`
` to imply by "malicious." My guess is that in this
`
` particular case, the author or the authors were
`
` referring to the fact that malicious is something, is a
`
` term that is used in the art, so they were just trying
`
` to clarify what they mean by it. But that is my guess.
`
` Again, there is not enough information in this
`
` one sentence to confirm that.
`
` BY MR. ARMON:
`
` Q. Sir, malicious in quotes as referred to here is
`
` characterized as operations that may or may not be
`
` actually malicious, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Can you show me where you're
`
` reading that from? Sorry. I mean, malicious means
`
` malicious, to me, so saying that malicious may mean
`
` malicious or not malicious seems to kind of defy the
`
` purpose of using the word "malicious."
`
` BY MR. ARMON:
`
` Q. Well, malicious is in quotation marks, correct?
`
` A. Yes, it is.
`
` Q. Let's step back three words to line 54, and the
`
` word "suspicious."
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 10
`
` A process that is suspicious as described in the
`
` '494 patent may or may not be actually malicious,
`
` correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: In a general sense, an operation
`
` rather than a process that is suspicious may, depending
`
` on what context we're talking about, may be shown to be
`
` actually not malicious in that particular context, that
`
` is possible.
`
` But in the context of this particular sentence I
`
` don't know that there is anything that indicates that
`
` that kind of process is being suggested here.
`
` BY MR. ARMON:
`
` Q. Well, you would agree, sir, that to a person
`
` skilled in the art, a suspicious operation is not
`
` necessarily an operation that would be characterized as
`
` malware, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: So now we're introducing yet
`
` another term, so just divorced of context and divorced
`
` of the '494 patent, it is possible to employ steps to
`
` help you -- help one understand whether an operation
`
` that has been identified as suspicious is actually
`
` malware. That is possible.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 11
`
` BY MR. ARMON:
`
` Q. In the context of the '494 patent, the
`
` '494 patent does not teach that all suspicious
`
` operations are actually malicious, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: I don't know that the '494 patent
`
` teaches that all suspicious operations are not actually
`
` malicious. I'm not -- I don't recall unless you point
`
` me to the specific text. I don't recall that the
`
` '494 patent elaborates on this particular point.
`
` BY MR. ARMON:
`
` Q. Let's turn to column 6 on page 19 of Exhibit 2.
`
` I'll direct your attention to the last paragraph of
`
` column 6 beginning at line 56. That text begins
`
` (as read):
`
` Figure 1A, also broadly illustrates
`
` how embodiments of the invention are
`
` capable of selectively, modifiably, or
`
` ostensibly providing protection to one
`
` or more determinable ones of networks
`
` substance systems.
`
` And starting at line 60 (as read):
`
` Against potentially harmful or
`
` other undesirable, again, malicious in
`
` quotes, effects, in conjunction with
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 12
`
` receiving downloadable information.
`
` So, again, as used here, sir, you'd agree that
`
` when malicious in quotes is referred to as it is on
`
` row 61 or line 61, that the patent contemplates that
`
` operations or effects that are potentially harmful may
`
` actually not be when they're closely examined, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Again, this patent doesn't talk
`
` about that step of closely examining these things. In
`
` general, outside of the context of the '494 patent, it
`
` is possible that something that is identified as
`
` potentially harmful in reality is not harmful, at least
`
` in some settings. It may be harmful in other settings.
`
` That is possible.
`
` But, again, the '494 patent, to the best of my
`
` recollection, does not elaborate on that one way or the
`
` other.
`
` BY MR. ARMON:
`
` Q. Stepping back a moment with respect to the
`
` '494 patent the inventions claimed in this patent are
`
` not based upon any teachings of the use of artificial
`
` intelligence, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: The patent itself does not use
`
` terms such as artificial intelligence, but I haven't
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` really thought about it in those terms. It may be
`
` possible to implement some of the things that the patent
`
` talks about perhaps using AI. I just -- as we sit here,
`
`Page 13
`
` I don't know one way or the other.
`
` BY MR. ARMON:
`
` Q. But there's no disclosure in the patent that you
`
` recall that discloses any of these operations being
`
` performed with the assistance of artificial
`
` intelligence, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Again, the most comfortable that I
`
` can be is with the original statement, which is that I
`
` don't believe that the term "artificial intelligence" is
`
` mentioned in the patent. Whether it's specific
`
` techniques that are discussed in the patent may be
`
` implemented using AI techniques or methods or
`
` algorithms, that's a separate matter, but again, I
`
` haven't really done that analysis.
`
` BY MR. ARMON:
`
` Q. Okay. None of the claims in the '494 patent
`
` recite autonomous decision making by computer, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: That is a question that we could
`
` probably debate, because it really depends on how we
`
` define what autonomous decision making is and where we
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 14
`
` draw the line that says the computer right now is doing
`
` what the programmer is telling it to do versus the
`
` computer has indeed been programmed by a programmer, but
`
` has the capability to use whatever information it has at
`
` its disposal to effect some additional behaviors. That
`
` in general is a very tricky distinction to make.
`
` So, again, I think we're safest if we
`
` acknowledge that the term "artificial intelligence" is
`
` not used anywhere in the claims, but whether this could
`
` be accomplished, for example, deriving security profile
`
` for the downloadable, whether that could be accomplished
`
` using A-Star or some other type of search algorithm, it
`
` is conceivable.
`
` But again, this is -- I haven't done that
`
` analysis and I haven't built such a solution, so I'm
`
` just saying that it's conceivable. I don't have any
`
` evidence before me that it has been done that way.
`
` BY MR. ARMON:
`
` Q. As of the priority date for the '494 patent, did
`
` any artificial intelligence systems even exist that
`
` could have performed the step you just referred to as
`
` deriving security profile data?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Again, it's not something that
`
` I've done any analysis of, because I wasn't asked to,
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 15
`
` and as we sit here, I don't know for sure. It is
`
` possible, but I don't know for sure.
`
` BY MR. ARMON:
`
` Q. How many artificial intelligence systems
`
` existed, if any, as of the priority date of the
`
` '494 patent?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: I don't know how many. I actually
`
` couldn't answer that question today. That's kind of a
`
` tricky question to answer, because depends on what we
`
` define by the term "artificial" or what we mean by the
`
` term "artificial intelligence system," but there were
`
` certainly AI systems. AI predates the priority date of
`
` this patent, certainly.
`
` But again, it is not the kind of analysis that I
`
` opined on in my declaration.
`
` BY MR. ARMON:
`
` Q. Let's turn to column 18, page 25 of Exhibit 2.
`
` I'll direct your attention to the last paragraph on the
`
` bottom of column 18. Now, you would agree, sir, as
`
` expressly recited, beginning on line 62 and continuing
`
` downward, the '494 patent characterizes malicious
`
` operations as including file operations, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: As an example, it is stated on
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` line 63 that malicious operations can include file
`
`Page 16
`
` operations.
`
` BY MR. ARMON:
`
` Q. Such as file writing, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: That is one of the four examples
`
` provided there, yes.
`
` BY MR. ARMON:
`
` Q. And you're referring to column 18, line 64,
`
` correct, or 63 and 64?
`
` A. Correct, where it says (as read):
`
` E.g., reading, writing, deleting or
`
` renaming a file.
`
` Q. I'll ask you to turn to page 27 of Exhibit 2.
`
` These are the claims, correct?
`
` A. Yes. Starting in column 21, line, what is this?
`
` 18, that's where the claims are, yes, all the way
`
` through the end of column 22.
`
` Q. You're familiar with the claims of the
`
` '494 patent, correct?
`
` A. Correct.
`
` Q. Now, first, direct your attention to the
`
` deriving security profile data limitation in Claim 1.
`
` A. Okay.
`
` Q. You see that?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 17
`
` A. I do.
`
` Q. You agree that the security profile data for a
`
` downloadable could encompass data about operations that
`
` are not hostile, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Can you clarify to me why I would
`
` agree with that?
`
` BY MR. ARMON:
`
` Q. That's my question.
`
` Do you agree or not?
`
` A. Well, okay. So you said you would agree, right,
`
` and I'm asking why I would have to agree with that,
`
` meaning that it is not obvious to me that I would have
`
` to agree with that. This says (as read):
`
` Deriving security profile data for
`
` the downloadable including a list of
`
` suspicious computer operations, that
`
` may be attempted by the downloadable.
`
` Just to be complete. So the only thing that
`
` this mentions is the list of suspicious computer
`
` operations.
`
` Q. Okay. So the claim language says (as read):
`
` Deriving security profile data for
`
` the downloadable, including.
`
` So based upon use of the word "including," you'd
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 18
`
` agree that security profile data is not limited to a
`
` list of suspicious operations, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Yes. I will allow that there may
`
` be other things in the security profile data such as,
`
` for example, the name that may be given to a particular
`
` security profile, but I thought your question was that
`
` there would be non-suspicious computing operations, or
`
` computer operations, in the DSP or downloadable security
`
` profile, and that, I would not agree with based on the
`
` language of the claim.
`
` BY MR. ARMON:
`
` Q. So I think this is a very important question.
`
` Glad you raised it.
`
` So it's your opinion, sir, that the claims of
`
` the '494 patent would not cover a system that generates
`
` security profile data for downloadables that includes
`
` non-suspicious computer operations?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: So that is a different, or
`
` actually a very different question you're asking me now,
`
` so now you're asking me to opine on the, I guess the
`
` scope of the claim. If you're asking me to opine on the
`
` scope of this particular claim, the -- as long as the
`
` security profile data for the downloadable includes a
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 19
`
` list of suspicious computer operations that may be
`
` attempted by the downloadable, that -- and that security
`
` profile data has been derived from some data, larger
`
` amount of data presumably that came over a network, then
`
` that meets this particular element of the claim.
`
` So if you receive -- let me clarify that. If
`
` you receive some downloadable from that received
`
` downloadable you derived, the security profile data,
`
` which includes this list of suspicious computer
`
` operations that may be attempted by the downloadable,
`
` this claim element has been met.
`
` BY MR. ARMON:
`
` Q. Your opinion, then, is that Claim 1 of the
`
` '494 patent would cover a system that generates security
`
` profile data for downloadables that includes
`
` non-suspicious computer operations?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: There, we're speculating about a
`
` security system that would have to have a reason for
`
` including non-suspicious computer operations in
`
` something that is called security profile for the
`
` system. If you want to or can give me an example of a
`
` specific system where that is true, in other words,
`
` there is a security profile and there is a perfectly
`
` legitimate reason for why within that security profile
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 20
`
` you include non-suspicious computer operations, then I
`
` would be happy to consider that.
`
` But in a vacuum, this -- that question seems to
`
` be too open-ended to me. I'm not sure how to answer it.
`
` BY MR. ARMON:
`
` Q. I'm asking you about your understanding of the
`
` claims, without reference to a particular system. So
`
` does -- can security profile data include non-malicious
`
` computer operations?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Again, if you are deriving from
`
` the downloadable the security profile data and if that
`
` security profile data includes a list of suspicious
`
` computer operations that may be attempted, then you're
`
` meeting this element of the claim.
`
` If in the process of deriving you include
`
` additional information, as long as you're meeting the
`
` element of this claim, the derivation process for the
`
` security profile data is what is the important thing
`
` here.
`
` So for example, something that would not meet
`
` the element of this claim would be to say, well, I will
`
` derive the security profile simply by reading the code
`
` and noting all the operations that might be attempted.
`
` Then there, you don't really -- you're not making a
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 21
`
` conscious distinction between the suspicious operations
`
` and non-suspicious computer operations.
`
` BY MR. ARMON:
`
` Q. Isn't it theoretically possible that all of the
`
` operations in a downloadable could be suspicious?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: That would really have to depend
`
` on the context. I don't actually know whether you could
`
` write a downloadable that where every single one of the
`
` operations is suspicious. I would like to answer your
`
` question with a yes, but I'm concerned that without
`
` having really tried to do it, it might turn out to be
`
` impossible.
`
` In other words, in order for you to actually
`
` build a properly constructed downloadable, it may be
`
` impossible to only use some set of operations that are
`
` deemed suspicious, that you might, in fact, have to use
`
` regular, sort of vanilla operations.
`
` BY MR. ARMON:
`
` Q. So it's at least theoretically possible that the
`
` vast majority of operations in a downloadable could be
`
` suspicious setting aside from what you've characterized
`
` as vanilla operations?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: I have not done it, so I don't
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 22
`
` know.
`
` BY MR. ARMON:
`
` Q. The '494 patent does not include any teaching
`
` about how to derive a list of suspicious computer
`
` operations, correct?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: I would have to disagree with
`
` that. I think that the big element of '494s purpose is
`
` to teach you how to derive that list. That's part of
`
` '494s, if you will, value added, is to teach you how to
`
` derive that list.
`
` Another part of it is to teach you how to store
`
` it in a database.
`
` BY MR. ARMON:
`
` Q. Where in the '494 patent is the teaching that
`
` you're referring to concerning derivation of security
`
` profile data?
`
` A. I thought that just a minute ago you pointed me
`
` to one specific example, but that was in a body, larger
`
` body of text.
`
` Q. Are you referring to column 18 on page 5?
`
` A. 18, correct, so it says (as read):
`
` During downloadable operation,
`
` resource access analyzer receives and
`
` determines a response to diverted
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 23
`
` downloadable operations in accordance
`
` with corresponding protection policies
`
` of Policies 342.
`
` And then further on (as read):
`
` Malicious operations can, for
`
` example, include in a Windows
`
` environment file operations, with
`
` several examples, network operations,
`
` with several examples, OS registry or
`
` similar operations, again, with a few
`
` examples, OS operations, with some
`
` examples, resource usage thresholds,
`
` etc.
`
` And there are a few other or several other
`
` examples of this kind in the patent.
`
` This, to somebody of ordinary skill in the art,
`
` teaches how you determine these operations.
`
` Q. Was it known before the '494 patent that file
`
` operations such as a file write could be malicious in
`
` the content of this art?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: When you say "this art," could you
`
` be a little bit more specific? Because one of the other
`
` pieces of art that I discuss in my declaration is, in my
`
` opinion, a very different kind of art, and it also
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` refers to operations such as file write, so what do you
`
`Page 24
`
` mean by "this art"?
`
` BY MR. ARMON:
`
` Q. I'm referring to the '494 patent subject matter.
`
` A. Was it known --
`
` MR. HANNAH: Objection -- objection to form.
`
` THE WITNESS: So your question in effect is:
`
` Was it known prior to the '494 that if you get a
`
` downloadable from the network and it engages in a file
`
` write that, that could be malicious?
`
` BY MR. ARMON:
`
` Q. Correct, that's my question.
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: Okay. Well, one of the
`
` motivations for developing a technology such as what is
`
` taught by the '494 is that it was recognized previously,
`
` I guess, through unpleasant experiences that some
`
` computer owners had, that if a malicious downloadable
`
` came across the network and did a file write or multiple
`
` file writes on a local computer, that it could wreak
`
` havoc.
`
` So in that sense a file write coming from a
`
` malicious downloadable across a network was recognized
`
` prior to the '494 as, again, being a potentially
`
` malicious operation.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`Palo Alto Networks, Inc. - Exhibit 1100
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2016-00159
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 25
`
` BY MR. ARMON:
`
` Q. Turning back to Claim 1, again (as read):
`
` Turning to the deriving security
`
` profile data for the downloadable,
`
` including a list of suspicious computer
`
` operations that may be attempted by the
`
` downloadable limitation.
`
` Would that limitation be satisfied, in your
`
` opinion, if the security profile data only included
`
` suspicious operations?
`
` MR. HANNAH: Objection, form.
`
` THE WITNESS: If you go through this process and
`
` you derive the security profile data, which has the list
`
` of suspicious computer operations, to the best of your
`
` ability to determine those, and that's what you include
`
` in your security profile data, then that would meet the
`
` elements of
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
